571 likes | 2.13k Views
Software Change Impact Analysis. Software and Complex Electronic Hardware Standardization Conference . Brenda S. Ocker, Software Technical Specialist. July 28, 2005. Presentation Overview. Background Purpose Definition of Major and Minor Components of CIA Process Example Summary.
E N D
Software Change Impact Analysis Software and Complex Electronic Hardware Standardization Conference Brenda S. Ocker, Software Technical Specialist July 28, 2005
Presentation Overview • Background • Purpose • Definition of Major and Minor • Components of CIA • Process • Example • Summary
History • Notice 8110.85, “Guidelines for the Oversight of Software Change Impact Analyses used to Classify Software Changes as Major or Minor” • Order 8110.49, Chapter 11
Purpose of CIA • Determine the impact of the change on the system • Assure that safety is not adversely affected • Determine the rework and reverification required • Determine the extent of certification authority involvement in the change
Definition of Major and Minor Change • 21.93(a) • Type Certificate • Supplemental Type Certificate • Parts Manufacturer Approval • 21.611(b) • Technical Standard Order (TSO)
Definition of Major and Minor Change • Per 14 CFR 21.93(a): • A minor change has “no appreciable effect on the weight, balance, structural strength, reliability, operational characteristics, or other characteristics affecting the airworthiness of the product” • All other changes are considered major
Definition of Major and Minor Change • Per 14 CFR 21.611(b): • A major change is a design change that is “extensive enough to require a substantially complete investigation to determine compliance with a TSO” • All other changes are considered minor • A minor change to the TSOA could have a major affect on the aircraft
Types of Software Changes • Pre-Certification • During software development/before software approval • Change control in place • Problem reporting & correction in place • Re-verification in place • Addressed in DO-178B, Sections 7 & 8
Types of Software Changes • Post-Certification • After software approval and product certification • Addressed in DO-178B, Section 12.1 • Order 8110.49 Chapter 11 focuses on the post-certification change
Components of a CIA • Identify software change • Perform analyses to assess the effect of the change • Identify life cycle data to be updated • Identify verification activities to be performed
Components of a CIA • Traceability Analysis • Requirements and Design • Code • Test Cases and Procedures • Memory Margin Analysis • Timing Margin Analysis • Data Flow Analysis • Control Flow Analysis
Components of a CIA • Input/Output Analysis • Development Environment and Process Analyses • Operational Characteristics Analysis • Certification Maintenance Requirements Analysis • Partitioning Analysis
Components of a CIA • Traceability Analysis • Requirements & Design Analysis • Identify affected requirements and architecture • Identify new functions and affect on existing functions • Code Analysis • Identify affected software components and interfaces • Identify new software components and interfaces • Test Cases and Procedures Analysis • Identify specific cases and procedures to be repeated to verify changes • Modify existing and/or add new test cases and procedures to verify added functionality • Verify no adverse effects result from changes
Components of a CIA • Memory Margin Analysis • Assure memory allocation requirements and margins are maintained • Examples of tasks: • Estimate change to flash memory • Estimate change to RAM • Evaluate memory margins
Components of a CIA • Timing Margin Analysis • Assure timing margin issues are not introduced due to the change • Examples of tasks: • Review timing requirements • Review CPU task scheduling requirements • Review interface timing requirements • Review changes to the timing margins (usually want at least 10% margin) • Review throughput change for each task
Components of a CIA • Data & Control Flow Analysis • Assess changes in data & control flow and coupling between software components • Evaluate any adverse affects due to the change • Required for Levels A, B, and C software
Components of a CIA • Input/Output (I/O) Analysis • Evaluate impact of the change on the interface with the external world • Examples of tasks: • Bus loading • External databus I/O • External hardwire I/O • Access to memory • Communication with hardware
Components of a CIA • Development Environment and Process Analyses • Identify changes in the environment or process that might have adverse affects on the system • Examples include changes to: • Compilers • Linkers • Loaders • Tools
Components of a CIA • Operational Characteristics Analysis • Identify adverse effects in the operational environment due to software changes. • Examples of changes that could affect the operation of the product: • Gain changes • Limit changes • Filter changes • Interrupt changes • Exception handling changes • Fault mitigation changes
Components of a CIA • Certification Maintenance Requirements (CMR) Analysis • Determine if the software change requires new or modified CMR • Example: • Assume the software change to the anti-skid systems increases the time that the brakes are applied during landing. This could result in more frequent maintenance of the brakes and tires.
Components of a CIA • Partitioning Analysis • Determine the affect of the software change on the protective mechanisms
Components of a CIA • Focus on the potential adverse affects • Changes to safety-related information • Safety-related requirements (including derived requirements) are changed • Changes in operational or procedural characteristics of the aircraft • Changes to flight crew procedures or increase in pilot workload • Added functions • Different processors, interfaces, and other hardware components or environment • Significant changes to life cycle data
Components of a CIA • Identify life cycle data to be updated • Identify verification activities to be performed
Components of a CIA • CIAs come in many forms • Extent of analysis depends on the change size and affected items • Enough detail to support the major or minor classification • Should be revised if the scope of the software change changes
CIA Process Start ApprovedClassificationProcedure? NO YES Work with ACO to classify Follow Procedure Change Major? NO YES ACO involved ACO not involved
Approved Classification Procedures • Approved procedures in place to classify changes as major or minor • Procedures should contain a process for: • Using CIA to classify change • Reviewing/approving the classification • Addressing minor changes • Addressing major changes • Informing FAA of all changes and proposed classifications • Obtaining FAA concurrence on proposed classification
No Classification Procedures • FAA more involved • Applicant performs CIA • Applicant proposes classification (major or minor) to FAA • FAA reviews/accepts/modifies the classification • Applicant & FAA follow procedures for major or minor changes, as applicable
Minor Changes • Change performed without FAA involvement • Data updated, as required • Software Accomplishment Summary (SAS), Software Configuration Index (SCI), and/or other documents submitted to FAA on a periodic basis
Major Changes • FAA and/or DER involved • PSAC and/or CIA submitted to FAA as agreed upon • SAS, SCI, and/or other agreed upon data submitted to ACO • ACO and/or DER reviews and approves data, as needed
Special Considerations for TSO Equipment • A minor change to the TSOA could have a major affect on the aircraft • TSOA Holder should consider the intended installation when performing the CIA • Installer also needs to perform CIA to address the effect of the change on the specific aircraft installation
Requirement ChangeExample • Change Requirement • New • Modified • Deleted • Most common type of change • Applicant’s and FAA’s role in the CIA process
Requirement Change:Applicant’s Responsibilities • Perform CIA to assure that the new or changed requirement: • Does not conflict with other requirements • Is unambiguously stated and verifiable • Is verified to meet requirements of software level • Achieves desired functionality
Requirement Change:Applicant’s Responsibilities • Assure that the following are completed, as needed: • Update the software architecture • Change prologue headers • Review changes against standards • Update traceability (both forward and backward)
Requirement Change:Applicant’s Responsibilities • Examine data elements to assure that new or changed code does not negatively impact existing functionality by: • Examining all areas of the code that use the same variables as those in the changed or new code • Re-examining variable declarations and interfaces • Examining control flow to assure that the change does not negatively impact execution sequence or timing
Requirement Change:Applicant’s Responsibilities • Assure that: • Verification test cases for new and changed requirements exist • All requirements-based tests (normal and robust) that trace to new or changed requirements are run or re-run • Structural coverage is achieved for new or changed area, and still achieved for areas of code with dependencies • Verification record that documents the regression analysis exists
Requirement Change:FAA’s Responsibilities • Review CIA, as needed • Oversee the applicant’s activities, when the change is major • Oversee designees • Perform on-site or desk-top reviews, as needed
Additional Information • View the “Software Change Impact Analysis” Video • Available through FAA Web-site:http://www.faa.gov/certification/aircraft/ • Link to “Aircraft Certification Software” on lower right hand side of page
Summary • Determine the impact of the change on the system • Assure that safety is not adversely affected • Determine the rework and reverification required • Determine the extent of certification authority involvement in the change